Q201. Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key? 

A. Use any ARP requests found in the capture 

B. Derek can use a session replay on the packets captured 

C. Derek can use KisMAC as it needs two USB devices to generate traffic 

D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic 

Answer: D

Explanation: By forcing the network to answer to a lot of ICMP messages you can gather enough packets to crack the WEP key. 


Q202. Peter has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the External Gateway interface. Further inspection reveals they are not responses from internal hosts request but simply responses coming from the Internet. What could be the likely cause of this? 

A. Someone Spoofed Peter’s IP Address while doing a land attack 

B. Someone Spoofed Peter’s IP Address while doing a DoS attack 

C. Someone Spoofed Peter’s IP Address while doing a smurf Attack 

D. Someone Spoofed Peter’s IP address while doing a fraggle attack 

Answer:

Explanation: An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks with forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target. 


Q203. What is the proper response for a X-MAS scan if the port is closed? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: Closed ports respond to a X-MAS scan with a RST. 


Q204. Samantha was hired to perform an internal security test of company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing. 

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two) 

A. Ethernet Zapping 

B. MAC Flooding 

C. Sniffing in promiscuous mode 

D. ARP Spoofing 

Answer: BD

Explanation: In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table.The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack). 


Q205. If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response? 

A. 31400 

B. 31402 

C. The zombie will not send a response 

D. 31401 

Answer: D


Q206. Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. 

For /f "tokens=1 %%a in (hackfile.txt) do net use * \\10.1.2.3\c$ /user:"Administrator" %%a 

What is Eve trying to do? 

A. Eve is trying to connect as an user with Administrator privileges 

B. Eve is trying to enumerate all users with Administrative privileges 

C. Eve is trying to carry out a password crack for user Administrator 

D. Eve is trying to escalate privilege of the null user to that of Administrator 

Answer: C

Explanation: Eve tries to get a successful login using the username Administrator and passwords from the file hackfile.txt. 


Q207. Choose one of the following pseudo codes to describe this statement: 

If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data. 

A. If (I > 200) then exit (1) 

B. If (I < 200) then exit (1) 

C. If (I <= 200) then exit (1) 

D. If (I >= 200) then exit (1) 

Answer: D


Q208. In Trojan terminology, what is a covert channel? 

A. A channel that transfers information within a computer system or network in a way that violates the security policy 

B. A legitimate communication path within a computer system or network for transfer of data 

C. It is a kernel operation that hides boot processes and services to mask detection 

D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections 

Answer: A


Q209. Why attackers use proxy servers? 

A. To ensure the exploits used in the attacks always flip reverse vectors 

B. Faster bandwidth performance and increase in attack speed 

C. Interrupt the remote victim's network traffic and reroute the packets to attackers machine 

D. To hide the source IP address so that an attacker can hack without any legal corollary 

Answer: D


Q210. You are gathering competitive intelligence on an organization. You notice that they have jobs listed on a few Internet job-hunting sites. There are two jobs for network and system administrators. How can this help you in foot printing the organization? 

A. To learn about the IP range used by the target network 

B. To identify the number of employees working for the company 

C. To test the limits of the corporate security policy enforced in the company 

D. To learn about the operating systems, services and applications used on the network 

Answer: D